As email and other forms of Internet communication become more widespread, and as more people depend on them for everyday personal and business purposes, the technologies used to implement these forms of communication are also advancing rapidly in complexity and flexibility. As a result, the user base is expanding, often with an ever-increasing number of new users who are not technically savvy, at the same time that the software used by such users is becoming more sophisticated. This widening gap between users' technical familiarity with the tools they employ and the intricacies of those same tools presents hackers and other bad actors with the opportunity to exploit a large and unsuspecting user base.
One common technique that hackers have used to exploit this gap is the social engineering attack. In a social engineering attack, a hacker seeks to extract information from a user by deceiving the user into believing that he or she is providing the information to, or taking some action with respect to, a trusted party. The social engineering attack thus differs from other hacking attacks in which a hacker may attempt to gain access to a computer or network purely through technological means or without the victim's assistance.
A “phishing” attempt is an example of a social engineering attack. In a phishing attempt, a hacker may send an email that poses as another party, such as a bank or other entity with which the user has an account. The phishing email may use company logos or information about the user to appear legitimate. The user is invited to “log in” or to provide other information to a fraudulent website that mimics a legitimate website, for example, by telling the user that he or she must reset his or her password. When the user logs into the fraudulent website, usually operated by the hacker, the hacker obtains the user's password or other information, which the hacker may then use to log into the user's actual account.
Another example of a social engineering attack is when a user is sent an email inviting the user to click on a link to access a webpage or download content that harbors malware. The term malware generally refers to any kind of program that is designed to perform operations that the owner or user of the computer on which the program resides would not approve of, and may include viruses, worms, trojan horses, spyware, or adware. For example, a user may be sent an email that purports to be from a person or an institution that the user knows. The email invites the user to download a song or movie by providing a link. However, the link may instead point to malware that, once downloaded and executed by the user, installs a trojan horse, virus, or other malware on the user's computer.
Traditional approaches to protecting users from social engineering attacks have tended to focus on analyzing the email itself for standard patterns and clues as to whether the email may be a social engineering attack. However, this approach is of limited value when the email either does not contain one or more of the standard patterns or may be recognized as malicious only by referencing external information associated with the email, which external information may be constantly changing or evolving. There is therefore a need for methods and systems that are able to evaluate emails using information external to the content of the emails themselves.